2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * Purpose: handle dpc rx functions
28 * device_receive_frame - Rcv 802.11 frame function
29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl.
30 * s_bAPModeRxData- AP Rcv data frame handle
31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly
32 * s_bHostWepRxEncryption- Rcv encrypted data via host
33 * s_byGetRateIdx- get rate index
34 * s_vGetDASA- get data offset
35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3
42 #if !defined(__DEVICE_H__)
45 #if !defined(__RXTX_H__)
48 #if !defined(__TETHER_H__)
51 #if !defined(__CARD_H__)
54 #if !defined(__BSSDB_H__)
57 #if !defined(__MAC_H__)
60 #if !defined(__BASEBAND_H__)
63 #if !defined(__UMEM_H__)
66 #if !defined(__MICHAEL_H__)
69 #if !defined(__TKIP_H__)
72 #if !defined(__TCRC_H__)
75 #if !defined(__WCTL_H__)
78 #if !defined(__TBIT_H__)
81 #if !defined(__HOSTAP_H__)
84 #if !defined(__RF_H__)
87 #if !defined(__IOWPA_H__)
90 #if !defined(__AES_H__)
93 #if !defined(__DATARATE_H__)
96 #if !defined(__USBPIPE_H__)
101 /*--------------------- Static Definitions -------------------------*/
103 /*--------------------- Static Classes ----------------------------*/
105 /*--------------------- Static Variables --------------------------*/
106 //static int msglevel =MSG_LEVEL_DEBUG;
107 static int msglevel
=MSG_LEVEL_INFO
;
109 const BYTE acbyRxRate
[MAX_RATE
] =
110 {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
113 /*--------------------- Static Functions --------------------------*/
115 /*--------------------- Static Definitions -------------------------*/
117 /*--------------------- Static Functions --------------------------*/
119 static BYTE
s_byGetRateIdx(IN BYTE byRate
);
125 IN PBYTE pbyRxBufferAddr
,
126 OUT PUINT pcbHeaderSize
,
127 OUT PSEthernetHeader psEthHeader
132 s_vProcessRxMACHeader (
134 IN PBYTE pbyRxBufferAddr
,
135 IN UINT cbPacketSize
,
138 OUT PUINT pcbHeadSize
141 static BOOL
s_bAPModeRxCtl(
149 static BOOL
s_bAPModeRxData (
151 IN
struct sk_buff
* skb
,
153 IN UINT cbHeaderOffset
,
159 static BOOL
s_bHandleRxEncryption(
165 OUT PSKeyItem
*pKeyOut
,
167 OUT PWORD pwRxTSC15_0
,
168 OUT PDWORD pdwRxTSC47_16
171 static BOOL
s_bHostWepRxEncryption(
181 OUT PWORD pwRxTSC15_0
,
182 OUT PDWORD pdwRxTSC47_16
186 /*--------------------- Export Variables --------------------------*/
191 * Translate Rcv 802.11 header to 802.3 header with Rx buffer
196 * dwRxBufferAddr - Address of Rcv Buffer
197 * cbPacketSize - Rcv Packet size
198 * bIsWEP - If Rcv with WEP
200 * pcbHeaderSize - 802.11 header size
207 s_vProcessRxMACHeader (
209 IN PBYTE pbyRxBufferAddr
,
210 IN UINT cbPacketSize
,
213 OUT PUINT pcbHeadSize
217 UINT cbHeaderSize
= 0;
219 PS802_11Header pMACHeader
;
223 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
225 s_vGetDASA((PBYTE
)pMACHeader
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
229 // strip IV&ExtIV , add 8 byte
230 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 8);
232 // strip IV , add 4 byte
233 cbHeaderSize
+= (WLAN_HDR_ADDR3_LEN
+ 4);
237 cbHeaderSize
+= WLAN_HDR_ADDR3_LEN
;
240 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
241 if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer
, &pDevice
->abySNAP_Bridgetunnel
[0])) {
244 else if (IS_ETH_ADDRESS_EQUAL(pbyRxBuffer
, &pDevice
->abySNAP_RFC1042
[0])) {
246 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
247 if ((*pwType
!= TYPE_PKT_IPX
) && (*pwType
!= cpu_to_le16(0xF380))) {
251 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
254 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
256 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
260 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
266 pwType
= (PWORD
) (pbyRxBufferAddr
+ cbHeaderSize
);
269 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 8); // 8 is IV&ExtIV
271 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
- 4); // 4 is IV
275 *pwType
= htons(cbPacketSize
- WLAN_HDR_ADDR3_LEN
);
279 cbHeaderSize
-= (U_ETHER_ADDR_LEN
* 2);
280 pbyRxBuffer
= (PBYTE
) (pbyRxBufferAddr
+ cbHeaderSize
);
281 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++)
282 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abyDstAddr
[ii
];
283 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++)
284 *pbyRxBuffer
++ = pDevice
->sRxEthHeader
.abySrcAddr
[ii
];
286 *pcbHeadSize
= cbHeaderSize
;
292 static BYTE
s_byGetRateIdx (IN BYTE byRate
)
296 for (byRateIdx
= 0; byRateIdx
<MAX_RATE
; byRateIdx
++) {
297 if (acbyRxRate
[byRateIdx
%MAX_RATE
] == byRate
)
307 IN PBYTE pbyRxBufferAddr
,
308 OUT PUINT pcbHeaderSize
,
309 OUT PSEthernetHeader psEthHeader
312 UINT cbHeaderSize
= 0;
313 PS802_11Header pMACHeader
;
316 pMACHeader
= (PS802_11Header
) (pbyRxBufferAddr
+ cbHeaderSize
);
318 if ((pMACHeader
->wFrameCtl
& FC_TODS
) == 0) {
319 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
320 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++) {
321 psEthHeader
->abyDstAddr
[ii
] = pMACHeader
->abyAddr1
[ii
];
322 psEthHeader
->abySrcAddr
[ii
] = pMACHeader
->abyAddr3
[ii
];
327 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++) {
328 psEthHeader
->abyDstAddr
[ii
] = pMACHeader
->abyAddr1
[ii
];
329 psEthHeader
->abySrcAddr
[ii
] = pMACHeader
->abyAddr2
[ii
];
335 if (pMACHeader
->wFrameCtl
& FC_FROMDS
) {
336 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++) {
337 psEthHeader
->abyDstAddr
[ii
] = pMACHeader
->abyAddr3
[ii
];
338 psEthHeader
->abySrcAddr
[ii
] = pMACHeader
->abyAddr4
[ii
];
343 for(ii
=0;ii
<U_ETHER_ADDR_LEN
;ii
++) {
344 psEthHeader
->abyDstAddr
[ii
] = pMACHeader
->abyAddr3
[ii
];
345 psEthHeader
->abySrcAddr
[ii
] = pMACHeader
->abyAddr2
[ii
];
349 *pcbHeaderSize
= cbHeaderSize
;
356 RXbBulkInProcessData (
359 IN ULONG BytesToIndicate
363 struct net_device_stats
* pStats
=&pDevice
->stats
;
365 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
366 PSRxMgmtPacket pRxPacket
= &(pMgmt
->sRxPacket
);
367 PS802_11Header p802_11Header
;
373 BOOL bDeFragRx
= FALSE
;
377 INT iSANodeIndex
= -1;
378 INT iDANodeIndex
= -1;
384 #ifdef Calcu_LinkQual
388 PSKeyItem pKey
= NULL
;
390 DWORD dwRxTSC47_16
= 0;
397 PRCB pRCBIndicate
= pRCB
;
400 BYTE abyVaildRate
[MAX_RATE
] = {2,4,11,22,12,18,24,36,48,72,96,108};
401 WORD wPLCPwithPadding
;
402 PS802_11Header pMACHeader
;
403 BOOL bRxeapol_key
= FALSE
;
407 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- RXbBulkInProcessData---\n");
411 //[31:16]RcvByteCount ( not include 4-byte Status )
412 dwWbkStatus
= *( (PDWORD
)(skb
->data
) );
413 FrameSize
= (UINT
)(dwWbkStatus
>> 16);
416 if (BytesToIndicate
!= FrameSize
) {
417 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 1 \n");
421 if ((BytesToIndicate
> 2372)||(BytesToIndicate
<= 40)) {
422 // Frame Size error drop this packet.
423 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---------- WRONG Length 2 \n");
427 pbyDAddress
= (PBYTE
)(skb
->data
);
428 pbyRxSts
= pbyDAddress
+4;
429 pbyRxRate
= pbyDAddress
+5;
431 //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding
432 //if SQ3 the range is 24~27, if no SQ3 the range is 20~23
433 //real Frame size in PLCPLength field.
434 pwPLCP_Length
= (PWORD
) (pbyDAddress
+ 6);
435 //Fix hardware bug => PLCP_Length error
436 if ( ((BytesToIndicate
- (*pwPLCP_Length
)) > 27) ||
437 ((BytesToIndicate
- (*pwPLCP_Length
)) < 24) ||
438 (BytesToIndicate
< (*pwPLCP_Length
)) ) {
440 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong PLCP Length %x\n", (int) *pwPLCP_Length
);
444 for ( ii
=RATE_1M
;ii
<MAX_RATE
;ii
++) {
445 if ( *pbyRxRate
== abyVaildRate
[ii
] ) {
449 if ( ii
==MAX_RATE
) {
450 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Wrong RxRate %x\n",(int) *pbyRxRate
);
454 wPLCPwithPadding
= ( (*pwPLCP_Length
/ 4) + ( (*pwPLCP_Length
% 4) ? 1:0 ) ) *4;
456 pqwTSFTime
= (PQWORD
) (pbyDAddress
+ 8 + wPLCPwithPadding
);
457 #ifdef Calcu_LinkQual
458 if(pDevice
->byBBType
== BB_TYPE_11G
) {
459 pby3SQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 12;
463 pbySQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 8;
467 pbySQ
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 8;
469 pbyNewRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 9;
470 pbyRSSI
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 10;
471 pbyRsr
= pbyDAddress
+ 8 + wPLCPwithPadding
+ 11;
473 FrameSize
= *pwPLCP_Length
;
475 pbyFrame
= pbyDAddress
+ 8;
476 // update receive statistic counter
478 STAvUpdateRDStatCounter(&pDevice
->scStatistic
,
488 pMACHeader
= (PS802_11Header
) pbyFrame
;
490 //mike add: to judge if current AP is activated?
491 if ((pMgmt
->eCurrMode
== WMAC_MODE_STANDBY
) ||
492 (pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
)) {
493 if (pMgmt
->sNodeDBTable
[0].bActive
) {
494 if(IS_ETH_ADDRESS_EQUAL (pMgmt
->abyCurrBSSID
, pMACHeader
->abyAddr2
) ) {
495 if (pMgmt
->sNodeDBTable
[0].uInActiveCount
!= 0)
496 pMgmt
->sNodeDBTable
[0].uInActiveCount
= 0;
501 if (!IS_MULTICAST_ADDRESS(pMACHeader
->abyAddr1
) && !IS_BROADCAST_ADDRESS(pMACHeader
->abyAddr1
)) {
502 if ( WCTLbIsDuplicate(&(pDevice
->sDupRxCache
), (PS802_11Header
) pbyFrame
) ) {
503 pDevice
->s802_11Counter
.FrameDuplicateCount
++;
507 if ( !IS_ETH_ADDRESS_EQUAL (pDevice
->abyCurrentNetAddr
, pMACHeader
->abyAddr1
) ) {
514 s_vGetDASA(pbyFrame
, &cbHeaderSize
, &pDevice
->sRxEthHeader
);
516 if (IS_ETH_ADDRESS_EQUAL((PBYTE
)&(pDevice
->sRxEthHeader
.abySrcAddr
[0]), pDevice
->abyCurrentNetAddr
))
519 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) || (pMgmt
->eCurrMode
== WMAC_MODE_IBSS_STA
)) {
520 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
521 p802_11Header
= (PS802_11Header
) (pbyFrame
);
523 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(p802_11Header
->abyAddr2
), &iSANodeIndex
)) {
524 pMgmt
->sNodeDBTable
[iSANodeIndex
].ulLastRxJiffer
= jiffies
;
525 pMgmt
->sNodeDBTable
[iSANodeIndex
].uInActiveCount
= 0;
530 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
531 if (s_bAPModeRxCtl(pDevice
, pbyFrame
, iSANodeIndex
) == TRUE
) {
537 if (IS_FC_WEP(pbyFrame
)) {
538 BOOL bRxDecryOK
= FALSE
;
540 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"rx WEP pkt\n");
542 if ((pDevice
->bEnableHostWEP
) && (iSANodeIndex
>= 0)) {
544 pKey
->byCipherSuite
= pMgmt
->sNodeDBTable
[iSANodeIndex
].byCipherSuite
;
545 pKey
->dwKeyIndex
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwKeyIndex
;
546 pKey
->uKeyLength
= pMgmt
->sNodeDBTable
[iSANodeIndex
].uWepKeyLength
;
547 pKey
->dwTSC47_16
= pMgmt
->sNodeDBTable
[iSANodeIndex
].dwTSC47_16
;
548 pKey
->wTSC15_0
= pMgmt
->sNodeDBTable
[iSANodeIndex
].wTSC15_0
;
550 &pMgmt
->sNodeDBTable
[iSANodeIndex
].abyWepKey
[0],
554 bRxDecryOK
= s_bHostWepRxEncryption(pDevice
,
558 pMgmt
->sNodeDBTable
[iSANodeIndex
].bOnFly
,
565 bRxDecryOK
= s_bHandleRxEncryption(pDevice
,
577 if ((*pbyNewRsr
& NEWRSR_DECRYPTOK
) == 0) {
578 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV Fail\n");
579 if ( (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
580 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
581 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
582 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
583 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
585 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
586 pDevice
->s802_11Counter
.TKIPICVErrors
++;
587 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
)) {
588 pDevice
->s802_11Counter
.CCMPDecryptErrors
++;
589 } else if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_WEP
)) {
590 // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++;
596 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"WEP Func Fail\n");
599 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_CCMP
))
600 FrameSize
-= 8; // Message Integrity Code
602 FrameSize
-= 4; // 4 is ICV
609 //remove the CRC length
610 FrameSize
-= U_CRC_LEN
;
612 if ((BITbIsAllBitsOff(*pbyRsr
, (RSR_ADDRBROAD
| RSR_ADDRMULTI
))) && // unicast address
613 (IS_FRAGMENT_PKT((pbyFrame
)))
616 bDeFragRx
= WCTLbHandleFragment(pDevice
, (PS802_11Header
) (pbyFrame
), FrameSize
, bIsWEP
, bExtIV
);
617 pDevice
->s802_11Counter
.ReceivedFragmentCount
++;
620 // TODO skb, pbyFrame
621 skb
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].skb
;
622 FrameSize
= pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
].cbFrameLength
;
623 pbyFrame
= skb
->data
+ 8;
631 // Management & Control frame Handle
633 if ((IS_TYPE_DATA((pbyFrame
))) == FALSE
) {
634 // Handle Control & Manage Frame
636 if (IS_TYPE_MGMT((pbyFrame
))) {
640 pRxPacket
= &(pRCB
->sMngPacket
);
641 pRxPacket
->p80211Header
= (PUWLAN_80211HDR
)(pbyFrame
);
642 pRxPacket
->cbMPDULen
= FrameSize
;
643 pRxPacket
->uRSSI
= *pbyRSSI
;
644 pRxPacket
->bySQ
= *pbySQ
;
645 HIDWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(HIDWORD(*pqwTSFTime
));
646 LODWORD(pRxPacket
->qwLocalTSF
) = cpu_to_le32(LODWORD(*pqwTSFTime
));
649 pbyData1
= WLAN_HDR_A3_DATA_PTR(pbyFrame
);
650 pbyData2
= WLAN_HDR_A3_DATA_PTR(pbyFrame
) + 4;
651 for (ii
= 0; ii
< (FrameSize
- 4); ii
++) {
652 *pbyData1
= *pbyData2
;
658 pRxPacket
->byRxRate
= s_byGetRateIdx(*pbyRxRate
);
660 if ( *pbyRxSts
== 0 ) {
661 //Discard beacon packet which channel is 0
662 if ( (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_BEACON
) ||
663 (WLAN_GET_FC_FSTYPE((pRxPacket
->p80211Header
->sA3
.wFrameCtl
)) == WLAN_FSTYPE_PROBERESP
) ) {
667 pRxPacket
->byRxChannel
= (*pbyRxSts
) >> 2;
669 // hostap Deamon handle 802.11 management
670 if (pDevice
->bEnableHostapd
) {
671 skb
->dev
= pDevice
->apdev
;
676 skb_put(skb
, FrameSize
);
677 //2008-4-3 modify by Chester for wpa
678 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
679 skb
->mac_header
= skb
->data
;
681 skb
->mac
.raw
= skb
->data
;
683 skb
->pkt_type
= PACKET_OTHERHOST
;
684 skb
->protocol
= htons(ETH_P_802_2
);
685 memset(skb
->cb
, 0, sizeof(skb
->cb
));
691 // Insert the RCB in the Recv Mng list
693 EnqueueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
, pRCBIndicate
);
694 pDevice
->NumRecvMngList
++;
695 if ( bDeFragRx
== FALSE
) {
698 if (pDevice
->bIsRxMngWorkItemQueued
== FALSE
) {
699 pDevice
->bIsRxMngWorkItemQueued
= TRUE
;
700 tasklet_schedule(&pDevice
->RxMngWorkItem
);
710 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
711 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC.
712 if (BITbIsBitOff(*pbyRsr
, RSR_BSSIDOK
)) {
714 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
715 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
723 // discard DATA packet while not associate || BSSID error
724 if ((pDevice
->bLinkPass
== FALSE
) ||
725 BITbIsBitOff(*pbyRsr
, RSR_BSSIDOK
)) {
727 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
728 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
734 //mike add:station mode check eapol-key challenge--->
736 BYTE Protocol_Version
; //802.1x Authentication
737 BYTE Packet_Type
; //802.1x Authentication
738 BYTE Descriptor_type
;
744 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
745 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
746 Protocol_Version
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1];
747 Packet_Type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1];
748 if (wEtherType
== ETH_P_PAE
) { //Protocol Type in LLC-Header
749 if(((Protocol_Version
==1) ||(Protocol_Version
==2)) &&
750 (Packet_Type
==3)) { //802.1x OR eapol-key challenge frame receive
752 Descriptor_type
= skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2];
753 Key_info
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1 +1+1+1+2+2] ;
754 if(Descriptor_type
==2) { //RSN
755 // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info);
757 else if(Descriptor_type
==254) {
758 // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info);
763 //mike add:station mode check eapol-key challenge<---
771 if (pDevice
->bEnablePSMode
) {
772 if (IS_FC_MOREDATA((pbyFrame
))) {
773 if (BITbIsBitOn(*pbyRsr
, RSR_ADDROK
)) {
774 //PSbSendPSPOLL((PSDevice)pDevice);
778 if (pMgmt
->bInTIMWake
== TRUE
) {
779 pMgmt
->bInTIMWake
= FALSE
;
784 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps
785 if (pDevice
->bDiversityEnable
&& (FrameSize
>50) &&
786 (pDevice
->eOPMode
== OP_MODE_INFRASTRUCTURE
) &&
787 (pDevice
->bLinkPass
== TRUE
)) {
788 BBvAntennaDiversity(pDevice
, s_byGetRateIdx(*pbyRxRate
), 0);
791 // ++++++++ For BaseBand Algorithm +++++++++++++++
792 pDevice
->uCurrRSSI
= *pbyRSSI
;
793 pDevice
->byCurrSQ
= *pbySQ
;
797 if ((*pbyRSSI != 0) &&
798 (pMgmt->pCurrBSS!=NULL)) {
799 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm);
800 // Moniter if RSSI is too strong.
801 pMgmt->pCurrBSS->byRSSIStatCnt++;
802 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT;
803 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm;
804 for(ii=0;ii<RSSI_STAT_COUNT;ii++) {
805 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) {
806 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm);
813 // -----------------------------------------------
815 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) && (pDevice
->bEnable8021x
== TRUE
)){
818 // Only 802.1x packet incoming allowed
823 wEtherType
= (skb
->data
[cbIVOffset
+ 8 + 24 + 6] << 8) |
824 skb
->data
[cbIVOffset
+ 8 + 24 + 6 + 1];
826 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"wEtherType = %04x \n", wEtherType
);
827 if (wEtherType
== ETH_P_PAE
) {
828 skb
->dev
= pDevice
->apdev
;
830 if (bIsWEP
== TRUE
) {
831 // strip IV header(8)
832 memcpy(&abyMacHdr
[0], (skb
->data
+ 8), 24);
833 memcpy((skb
->data
+ 8 + cbIVOffset
), &abyMacHdr
[0], 24);
836 skb
->data
+= (cbIVOffset
+ 8);
837 skb
->tail
+= (cbIVOffset
+ 8);
838 skb_put(skb
, FrameSize
);
839 //2008-4-3 modify by Chester for wpa
840 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
841 skb
->mac_header
= skb
->data
;
843 skb
->mac
.raw
= skb
->data
;
845 skb
->pkt_type
= PACKET_OTHERHOST
;
846 skb
->protocol
= htons(ETH_P_802_2
);
847 memset(skb
->cb
, 0, sizeof(skb
->cb
));
852 // check if 802.1x authorized
853 if (!(pMgmt
->sNodeDBTable
[iSANodeIndex
].dwFlags
& WLAN_STA_AUTHORIZED
))
858 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
860 FrameSize
-= 8; //MIC
864 //--------------------------------------------------------------------------------
866 if ((pKey
!= NULL
) && (pKey
->byCipherSuite
== KEY_CTL_TKIP
)) {
870 DWORD dwMIC_Priority
;
871 DWORD dwMICKey0
= 0, dwMICKey1
= 0;
872 DWORD dwLocalMIC_L
= 0;
873 DWORD dwLocalMIC_R
= 0;
874 viawget_wpa_header
*wpahdr
;
877 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
878 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
879 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
882 if (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) {
883 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
884 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
885 } else if ((pKey
->dwKeyIndex
& BIT28
) == 0) {
886 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[16]));
887 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[20]));
889 dwMICKey0
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[24]));
890 dwMICKey1
= cpu_to_le32(*(PDWORD
)(&pKey
->abyKey
[28]));
894 MIC_vInit(dwMICKey0
, dwMICKey1
);
895 MIC_vAppend((PBYTE
)&(pDevice
->sRxEthHeader
.abyDstAddr
[0]), 12);
897 MIC_vAppend((PBYTE
)&dwMIC_Priority
, 4);
898 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV.
899 MIC_vAppend((PBYTE
)(skb
->data
+ 8 + WLAN_HDR_ADDR3_LEN
+ 8),
900 FrameSize
- WLAN_HDR_ADDR3_LEN
- 8);
901 MIC_vGetMIC(&dwLocalMIC_L
, &dwLocalMIC_R
);
904 pdwMIC_L
= (PDWORD
)(skb
->data
+ 8 + FrameSize
);
905 pdwMIC_R
= (PDWORD
)(skb
->data
+ 8 + FrameSize
+ 4);
908 if ((cpu_to_le32(*pdwMIC_L
) != dwLocalMIC_L
) || (cpu_to_le32(*pdwMIC_R
) != dwLocalMIC_R
) ||
909 (pDevice
->bRxMICFail
== TRUE
)) {
910 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"MIC comparison is fail!\n");
911 pDevice
->bRxMICFail
= FALSE
;
912 //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++;
913 pDevice
->s802_11Counter
.TKIPLocalMICFailures
++;
915 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
916 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
920 //2008-0409-07, <Add> by Einsn Liu
921 #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT
922 //send event to wpa_supplicant
923 //if(pDevice->bWPASuppWextEnabled == TRUE)
925 union iwreq_data wrqu
;
926 struct iw_michaelmicfailure ev
;
927 int keyidx
= pbyFrame
[cbHeaderSize
+3] >> 6; //top two-bits
928 memset(&ev
, 0, sizeof(ev
));
929 ev
.flags
= keyidx
& IW_MICFAILURE_KEY_ID
;
930 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
931 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
932 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
933 ev
.flags
|= IW_MICFAILURE_PAIRWISE
;
935 ev
.flags
|= IW_MICFAILURE_GROUP
;
938 ev
.src_addr
.sa_family
= ARPHRD_ETHER
;
939 memcpy(ev
.src_addr
.sa_data
, pMACHeader
->abyAddr2
, ETH_ALEN
);
940 memset(&wrqu
, 0, sizeof(wrqu
));
941 wrqu
.data
.length
= sizeof(ev
);
942 PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n");
943 wireless_send_event(pDevice
->dev
, IWEVMICHAELMICFAILURE
, &wrqu
, (char *)&ev
);
949 if ((pDevice
->bWPADEVUp
) && (pDevice
->skb
!= NULL
)) {
950 wpahdr
= (viawget_wpa_header
*)pDevice
->skb
->data
;
951 if ((pMgmt
->eCurrMode
== WMAC_MODE_ESS_STA
) &&
952 (pMgmt
->eCurrState
== WMAC_STATE_ASSOC
) &&
953 (*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) {
954 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR;
955 wpahdr
->type
= VIAWGET_PTK_MIC_MSG
;
957 //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR;
958 wpahdr
->type
= VIAWGET_GTK_MIC_MSG
;
960 wpahdr
->resp_ie_len
= 0;
961 wpahdr
->req_ie_len
= 0;
962 skb_put(pDevice
->skb
, sizeof(viawget_wpa_header
));
963 pDevice
->skb
->dev
= pDevice
->wpadev
;
964 //2008-4-3 modify by Chester for wpa
965 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
966 pDevice
->skb
->mac_header
= pDevice
->skb
->data
;
968 pDevice
->skb
->mac
.raw
= pDevice
->skb
->data
;
970 pDevice
->skb
->pkt_type
= PACKET_HOST
;
971 pDevice
->skb
->protocol
= htons(ETH_P_802_2
);
972 memset(pDevice
->skb
->cb
, 0, sizeof(pDevice
->skb
->cb
));
973 netif_rx(pDevice
->skb
);
974 pDevice
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
981 } //---end of SOFT MIC-----------------------------------------------------------------------
983 // ++++++++++ Reply Counter Check +++++++++++++
985 if ((pKey
!= NULL
) && ((pKey
->byCipherSuite
== KEY_CTL_TKIP
) ||
986 (pKey
->byCipherSuite
== KEY_CTL_CCMP
))) {
988 WORD wLocalTSC15_0
= 0;
989 DWORD dwLocalTSC47_16
= 0;
992 RSC
= *((ULONGLONG
*) &(pKey
->KeyRSC
));
993 wLocalTSC15_0
= (WORD
) RSC
;
994 dwLocalTSC47_16
= (DWORD
) (RSC
>>16);
999 MEMvCopy(&(pKey
->KeyRSC
), &RSC
, sizeof(QWORD
));
1001 if ( (pDevice
->sMgmtObj
.eCurrMode
== WMAC_MODE_ESS_STA
) &&
1002 (pDevice
->sMgmtObj
.eCurrState
== WMAC_STATE_ASSOC
)) {
1004 if ( (wRxTSC15_0
< wLocalTSC15_0
) &&
1005 (dwRxTSC47_16
<= dwLocalTSC47_16
) &&
1006 !((dwRxTSC47_16
== 0) && (dwLocalTSC47_16
== 0xFFFFFFFF))) {
1007 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC is illegal~~!\n ");
1008 if (pKey
->byCipherSuite
== KEY_CTL_TKIP
)
1009 //pDevice->s802_11Counter.TKIPReplays.QuadPart++;
1010 pDevice
->s802_11Counter
.TKIPReplays
++;
1012 //pDevice->s802_11Counter.CCMPReplays.QuadPart++;
1013 pDevice
->s802_11Counter
.CCMPReplays
++;
1016 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
1017 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1018 pDevice
->dev
->name
);
1025 } // ----- End of Reply Counter Check --------------------------
1028 s_vProcessRxMACHeader(pDevice
, (PBYTE
)(skb
->data
+8), FrameSize
, bIsWEP
, bExtIV
, &cbHeaderOffset
);
1029 FrameSize
-= cbHeaderOffset
;
1030 cbHeaderOffset
+= 8; // 8 is Rcv buffer header
1032 // Null data, framesize = 12
1036 if (pMgmt
->eCurrMode
== WMAC_MODE_ESS_AP
) {
1037 if (s_bAPModeRxData(pDevice
,
1046 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
1047 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1048 pDevice
->dev
->name
);
1056 skb
->data
+= cbHeaderOffset
;
1057 skb
->tail
+= cbHeaderOffset
;
1058 skb_put(skb
, FrameSize
);
1059 skb
->protocol
=eth_type_trans(skb
, skb
->dev
);
1060 skb
->ip_summed
=CHECKSUM_NONE
;
1061 pStats
->rx_bytes
+=skb
->len
;
1062 pStats
->rx_packets
++;
1065 if (!device_alloc_frag_buf(pDevice
, &pDevice
->sRxDFCB
[pDevice
->uCurrentDFCBIdx
])) {
1066 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
"%s: can not alloc more frag bufs\n",
1067 pDevice
->dev
->name
);
1076 static BOOL
s_bAPModeRxCtl (
1077 IN PSDevice pDevice
,
1082 PS802_11Header p802_11Header
;
1084 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1087 if (IS_CTL_PSPOLL(pbyFrame
) || !IS_TYPE_CONTROL(pbyFrame
)) {
1089 p802_11Header
= (PS802_11Header
) (pbyFrame
);
1090 if (!IS_TYPE_MGMT(pbyFrame
)) {
1092 // Data & PS-Poll packet
1093 // check frame class
1094 if (iSANodeIndex
> 0) {
1095 // frame class 3 fliter & checking
1096 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_AUTH
) {
1097 // send deauth notification
1098 // reason = (6) class 2 received from nonauth sta
1099 vMgrDeAuthenBeginSta(pDevice
,
1101 (PBYTE
)(p802_11Header
->abyAddr2
),
1102 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1105 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 1\n");
1108 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].eNodeState
< NODE_ASSOC
) {
1109 // send deassoc notification
1110 // reason = (7) class 3 received from nonassoc sta
1111 vMgrDisassocBeginSta(pDevice
,
1113 (PBYTE
)(p802_11Header
->abyAddr2
),
1114 (WLAN_MGMT_REASON_CLASS3_NONASSOC
),
1117 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDisassocBeginSta 2\n");
1121 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
) {
1122 // delcare received ps-poll event
1123 if (IS_CTL_PSPOLL(pbyFrame
)) {
1124 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1125 bScheduleCommand((HANDLE
)pDevice
, WLAN_CMD_RX_PSPOLL
, NULL
);
1126 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 1\n");
1129 // check Data PS state
1130 // if PW bit off, send out all PS bufferring packets.
1131 if (!IS_FC_POWERMGT(pbyFrame
)) {
1132 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1133 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1134 bScheduleCommand((HANDLE
)pDevice
, WLAN_CMD_RX_PSPOLL
, NULL
);
1135 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 2\n");
1140 if (IS_FC_POWERMGT(pbyFrame
)) {
1141 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= TRUE
;
1142 // Once if STA in PS state, enable multicast bufferring
1143 pMgmt
->sNodeDBTable
[0].bPSEnable
= TRUE
;
1146 // clear all pending PS frame.
1147 if (pMgmt
->sNodeDBTable
[iSANodeIndex
].wEnQueueCnt
> 0) {
1148 pMgmt
->sNodeDBTable
[iSANodeIndex
].bPSEnable
= FALSE
;
1149 pMgmt
->sNodeDBTable
[iSANodeIndex
].bRxPSPoll
= TRUE
;
1150 bScheduleCommand((HANDLE
)pDevice
, WLAN_CMD_RX_PSPOLL
, NULL
);
1151 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: WLAN_CMD_RX_PSPOLL 3\n");
1158 vMgrDeAuthenBeginSta(pDevice
,
1160 (PBYTE
)(p802_11Header
->abyAddr2
),
1161 (WLAN_MGMT_REASON_CLASS2_NONAUTH
),
1164 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: send vMgrDeAuthenBeginSta 3\n");
1165 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"BSSID:%02x-%02x-%02x=%02x-%02x-%02x \n",
1166 p802_11Header
->abyAddr3
[0],
1167 p802_11Header
->abyAddr3
[1],
1168 p802_11Header
->abyAddr3
[2],
1169 p802_11Header
->abyAddr3
[3],
1170 p802_11Header
->abyAddr3
[4],
1171 p802_11Header
->abyAddr3
[5]
1173 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR2:%02x-%02x-%02x=%02x-%02x-%02x \n",
1174 p802_11Header
->abyAddr2
[0],
1175 p802_11Header
->abyAddr2
[1],
1176 p802_11Header
->abyAddr2
[2],
1177 p802_11Header
->abyAddr2
[3],
1178 p802_11Header
->abyAddr2
[4],
1179 p802_11Header
->abyAddr2
[5]
1181 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ADDR1:%02x-%02x-%02x=%02x-%02x-%02x \n",
1182 p802_11Header
->abyAddr1
[0],
1183 p802_11Header
->abyAddr1
[1],
1184 p802_11Header
->abyAddr1
[2],
1185 p802_11Header
->abyAddr1
[3],
1186 p802_11Header
->abyAddr1
[4],
1187 p802_11Header
->abyAddr1
[5]
1189 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"dpc: wFrameCtl= %x\n", p802_11Header
->wFrameCtl
);
1198 static BOOL
s_bHandleRxEncryption (
1199 IN PSDevice pDevice
,
1203 OUT PBYTE pbyNewRsr
,
1204 OUT PSKeyItem
*pKeyOut
,
1206 OUT PWORD pwRxTSC15_0
,
1207 OUT PDWORD pdwRxTSC47_16
1210 UINT PayloadLen
= FrameSize
;
1213 PSKeyItem pKey
= NULL
;
1214 BYTE byDecMode
= KEY_CTL_WEP
;
1215 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1221 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1222 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1223 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1224 pbyIV
+= 6; // 6 is 802.11 address4
1227 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1229 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1231 if ((pMgmt
->eAuthenMode
== WMAC_AUTH_WPA
) ||
1232 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPAPSK
) ||
1233 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPANONE
) ||
1234 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2
) ||
1235 (pMgmt
->eAuthenMode
== WMAC_AUTH_WPA2PSK
)) {
1236 if (((*pbyRsr
& (RSR_ADDRBROAD
| RSR_ADDRMULTI
)) == 0) &&
1237 (pMgmt
->byCSSPK
!= KEY_CTL_NONE
)) {
1238 // unicast pkt use pairwise key
1239 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt\n");
1240 if (KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, 0xFFFFFFFF, &pKey
) == TRUE
) {
1241 if (pMgmt
->byCSSPK
== KEY_CTL_TKIP
)
1242 byDecMode
= KEY_CTL_TKIP
;
1243 else if (pMgmt
->byCSSPK
== KEY_CTL_CCMP
)
1244 byDecMode
= KEY_CTL_CCMP
;
1246 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"unicast pkt: %d, %p\n", byDecMode
, pKey
);
1249 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBSSID
, byKeyIdx
, &pKey
);
1250 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1251 byDecMode
= KEY_CTL_TKIP
;
1252 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1253 byDecMode
= KEY_CTL_CCMP
;
1254 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"group pkt: %d, %d, %p\n", byKeyIdx
, byDecMode
, pKey
);
1257 // our WEP only support Default Key
1259 // use default group key
1260 KeybGetKey(&(pDevice
->sKey
), pDevice
->abyBroadcastAddr
, byKeyIdx
, &pKey
);
1261 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1262 byDecMode
= KEY_CTL_TKIP
;
1263 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1264 byDecMode
= KEY_CTL_CCMP
;
1268 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1271 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"pKey == NULL\n");
1272 if (byDecMode
== KEY_CTL_WEP
) {
1273 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1274 } else if (pDevice
->bLinkPass
== TRUE
) {
1275 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1279 if (byDecMode
!= pKey
->byCipherSuite
) {
1280 if (byDecMode
== KEY_CTL_WEP
) {
1281 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1282 } else if (pDevice
->bLinkPass
== TRUE
) {
1283 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1288 if (byDecMode
== KEY_CTL_WEP
) {
1290 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1291 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
)) {
1296 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1297 MEMvCopy(pDevice
->abyPRNG
, pbyIV
, 3);
1298 MEMvCopy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1299 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1300 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1302 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1303 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1306 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1307 (byDecMode
== KEY_CTL_CCMP
)) {
1310 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1311 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1312 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1313 if (byDecMode
== KEY_CTL_TKIP
) {
1314 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1316 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1318 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1320 if ((byDecMode
== KEY_CTL_TKIP
) &&
1321 (pDevice
->byLocalID
<= REV_ID_VT3253_A1
)) {
1324 PS802_11Header pMACHeader
= (PS802_11Header
) (pbyFrame
);
1325 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1326 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1327 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1328 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1329 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1330 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1332 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1333 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1338 if ((*(pbyIV
+3) & 0x20) != 0)
1344 static BOOL
s_bHostWepRxEncryption (
1345 IN PSDevice pDevice
,
1351 OUT PBYTE pbyNewRsr
,
1353 OUT PWORD pwRxTSC15_0
,
1354 OUT PDWORD pdwRxTSC47_16
1357 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1358 UINT PayloadLen
= FrameSize
;
1361 BYTE byDecMode
= KEY_CTL_WEP
;
1362 PS802_11Header pMACHeader
;
1369 pbyIV
= pbyFrame
+ WLAN_HDR_ADDR3_LEN
;
1370 if ( WLAN_GET_FC_TODS(*(PWORD
)pbyFrame
) &&
1371 WLAN_GET_FC_FROMDS(*(PWORD
)pbyFrame
) ) {
1372 pbyIV
+= 6; // 6 is 802.11 address4
1375 byKeyIdx
= (*(pbyIV
+3) & 0xc0);
1377 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"\nKeyIdx: %d\n", byKeyIdx
);
1380 if (pMgmt
->byCSSGK
== KEY_CTL_TKIP
)
1381 byDecMode
= KEY_CTL_TKIP
;
1382 else if (pMgmt
->byCSSGK
== KEY_CTL_CCMP
)
1383 byDecMode
= KEY_CTL_CCMP
;
1385 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"AES:%d %d %d\n", pMgmt
->byCSSPK
, pMgmt
->byCSSGK
, byDecMode
);
1387 if (byDecMode
!= pKey
->byCipherSuite
) {
1388 if (byDecMode
== KEY_CTL_WEP
) {
1389 // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
1390 } else if (pDevice
->bLinkPass
== TRUE
) {
1391 // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
1396 if (byDecMode
== KEY_CTL_WEP
) {
1398 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"byDecMode == KEY_CTL_WEP \n");
1399 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) ||
1400 (((PSKeyTable
)(pKey
->pvKeyTable
))->bSoftWEP
== TRUE
) ||
1401 (bOnFly
== FALSE
)) {
1407 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
1408 MEMvCopy(pDevice
->abyPRNG
, pbyIV
, 3);
1409 MEMvCopy(pDevice
->abyPRNG
+ 3, pKey
->abyKey
, pKey
->uKeyLength
);
1410 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, pKey
->uKeyLength
+ 3);
1411 rc4_encrypt(&pDevice
->SBox
, pbyIV
+4, pbyIV
+4, PayloadLen
);
1413 if (ETHbIsBufferCrc32Ok(pbyIV
+4, PayloadLen
)) {
1414 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1417 } else if ((byDecMode
== KEY_CTL_TKIP
) ||
1418 (byDecMode
== KEY_CTL_CCMP
)) {
1421 PayloadLen
-= (WLAN_HDR_ADDR3_LEN
+ 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
1422 *pdwRxTSC47_16
= cpu_to_le32(*(PDWORD
)(pbyIV
+ 4));
1423 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ExtIV: %lx\n",*pdwRxTSC47_16
);
1425 if (byDecMode
== KEY_CTL_TKIP
) {
1426 *pwRxTSC15_0
= cpu_to_le16(MAKEWORD(*(pbyIV
+2), *pbyIV
));
1428 *pwRxTSC15_0
= cpu_to_le16(*(PWORD
)pbyIV
);
1430 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"TSC0_15: %x\n", *pwRxTSC15_0
);
1432 if (byDecMode
== KEY_CTL_TKIP
) {
1434 if ((pDevice
->byLocalID
<= REV_ID_VT3253_A1
) || (bOnFly
== FALSE
)) {
1438 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_TKIP \n");
1439 pMACHeader
= (PS802_11Header
) (pbyFrame
);
1440 TKIPvMixKey(pKey
->abyKey
, pMACHeader
->abyAddr2
, *pwRxTSC15_0
, *pdwRxTSC47_16
, pDevice
->abyPRNG
);
1441 rc4_init(&pDevice
->SBox
, pDevice
->abyPRNG
, TKIP_KEY_LEN
);
1442 rc4_encrypt(&pDevice
->SBox
, pbyIV
+8, pbyIV
+8, PayloadLen
);
1443 if (ETHbIsBufferCrc32Ok(pbyIV
+8, PayloadLen
)) {
1444 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1445 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV OK!\n");
1447 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"ICV FAIL!!!\n");
1448 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"PayloadLen = %d\n", PayloadLen
);
1453 if (byDecMode
== KEY_CTL_CCMP
) {
1454 if (bOnFly
== FALSE
) {
1457 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"soft KEY_CTL_CCMP\n");
1458 if (AESbGenCCMP(pKey
->abyKey
, pbyFrame
, FrameSize
)) {
1459 *pbyNewRsr
|= NEWRSR_DECRYPTOK
;
1460 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC compare OK!\n");
1462 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"CCMP MIC fail!\n");
1469 if ((*(pbyIV
+3) & 0x20) != 0)
1476 static BOOL
s_bAPModeRxData (
1477 IN PSDevice pDevice
,
1478 IN
struct sk_buff
* skb
,
1480 IN UINT cbHeaderOffset
,
1481 IN INT iSANodeIndex
,
1486 PSMgmtObject pMgmt
= &(pDevice
->sMgmtObj
);
1487 BOOL bRelayAndForward
= FALSE
;
1488 BOOL bRelayOnly
= FALSE
;
1489 BYTE byMask
[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
1493 struct sk_buff
* skbcpy
= NULL
;
1495 if (FrameSize
> CB_MAX_BUF_SIZE
)
1498 if(IS_MULTICAST_ADDRESS((PBYTE
)(skb
->data
+cbHeaderOffset
))) {
1499 if (pMgmt
->sNodeDBTable
[0].bPSEnable
) {
1501 skbcpy
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1503 // if any node in PS mode, buffer packet until DTIM.
1504 if (skbcpy
== NULL
) {
1505 DBG_PRT(MSG_LEVEL_NOTICE
, KERN_INFO
"relay multicast no skb available \n");
1508 skbcpy
->dev
= pDevice
->dev
;
1509 skbcpy
->len
= FrameSize
;
1510 memcpy(skbcpy
->data
, skb
->data
+cbHeaderOffset
, FrameSize
);
1511 skb_queue_tail(&(pMgmt
->sNodeDBTable
[0].sTxPSQueue
), skbcpy
);
1512 pMgmt
->sNodeDBTable
[0].wEnQueueCnt
++;
1514 pMgmt
->abyPSTxMap
[0] |= byMask
[0];
1518 bRelayAndForward
= TRUE
;
1523 if (BSSbIsSTAInNodeDB(pDevice
, (PBYTE
)(skb
->data
+cbHeaderOffset
), &iDANodeIndex
)) {
1524 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].eNodeState
>= NODE_ASSOC
) {
1525 if (pMgmt
->sNodeDBTable
[iDANodeIndex
].bPSEnable
) {
1526 // queue this skb until next PS tx, and then release.
1528 skb
->data
+= cbHeaderOffset
;
1529 skb
->tail
+= cbHeaderOffset
;
1530 skb_put(skb
, FrameSize
);
1531 skb_queue_tail(&pMgmt
->sNodeDBTable
[iDANodeIndex
].sTxPSQueue
, skb
);
1533 pMgmt
->sNodeDBTable
[iDANodeIndex
].wEnQueueCnt
++;
1534 wAID
= pMgmt
->sNodeDBTable
[iDANodeIndex
].wAID
;
1535 pMgmt
->abyPSTxMap
[wAID
>> 3] |= byMask
[wAID
& 7];
1536 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
1537 iDANodeIndex
, (wAID
>> 3), pMgmt
->abyPSTxMap
[wAID
>> 3]);
1547 if (bRelayOnly
|| bRelayAndForward
) {
1548 // relay this packet right now
1549 if (bRelayAndForward
)
1552 if ((pDevice
->uAssocCount
> 1) && (iDANodeIndex
>= 0)) {
1553 bRelayPacketSend(pDevice
, (PBYTE
)(skb
->data
+ cbHeaderOffset
), FrameSize
, (UINT
)iDANodeIndex
);
1559 // none associate, don't forward
1560 if (pDevice
->uAssocCount
== 0)
1574 PSDevice pDevice
= (PSDevice
) Context
;
1578 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Polling Thread\n");
1579 spin_lock_irq(&pDevice
->lock
);
1580 while ( MP_TEST_FLAG(pDevice
, fMP_POST_READS
) &&
1581 MP_IS_READY(pDevice
) &&
1582 (pDevice
->NumRecvFreeList
!= 0) ) {
1583 pRCB
= pDevice
->FirstRecvFreeList
;
1584 pDevice
->NumRecvFreeList
--;
1585 ASSERT(pRCB
);// cannot be NULL
1586 DequeueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
);
1587 ntStatus
= PIPEnsBulkInUsbRead(pDevice
, pRCB
);
1589 pDevice
->bIsRxWorkItemQueued
= FALSE
;
1590 spin_unlock_irq(&pDevice
->lock
);
1601 PSDevice pDevice
= (PSDevice
)pRCB
->pDevice
;
1604 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->RXvFreeRCB\n");
1606 ASSERT(!pRCB
->Ref
); // should be 0
1607 ASSERT(pRCB
->pDevice
); // shouldn't be NULL
1609 if (bReAllocSkb
== TRUE
) {
1610 pRCB
->skb
= dev_alloc_skb((int)pDevice
->rx_buf_sz
);
1611 // todo error handling
1612 if (pRCB
->skb
== NULL
) {
1613 DBG_PRT(MSG_LEVEL_ERR
,KERN_ERR
" Failed to re-alloc rx skb\n");
1615 pRCB
->skb
->dev
= pDevice
->dev
;
1619 // Insert the RCB back in the Recv free list
1621 EnqueueRCB(pDevice
->FirstRecvFreeList
, pDevice
->LastRecvFreeList
, pRCB
);
1622 pDevice
->NumRecvFreeList
++;
1625 if (MP_TEST_FLAG(pDevice
, fMP_POST_READS
) && MP_IS_READY(pDevice
) &&
1626 (pDevice
->bIsRxWorkItemQueued
== FALSE
) ) {
1628 pDevice
->bIsRxWorkItemQueued
= TRUE
;
1629 tasklet_schedule(&pDevice
->ReadWorkItem
);
1631 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"<----RXFreeRCB %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1640 PSDevice pDevice
= (PSDevice
) Context
;
1642 PSRxMgmtPacket pRxPacket
;
1643 BOOL bReAllocSkb
= FALSE
;
1645 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"---->Rx Mng Thread\n");
1647 spin_lock_irq(&pDevice
->lock
);
1648 while (pDevice
->NumRecvMngList
!=0)
1650 pRCB
= pDevice
->FirstRecvMngList
;
1651 pDevice
->NumRecvMngList
--;
1652 DequeueRCB(pDevice
->FirstRecvMngList
, pDevice
->LastRecvMngList
);
1656 ASSERT(pRCB
);// cannot be NULL
1657 pRxPacket
= &(pRCB
->sMngPacket
);
1658 vMgrRxManagePacket((HANDLE
)pDevice
, &(pDevice
->sMgmtObj
), pRxPacket
);
1660 if(pRCB
->Ref
== 0) {
1661 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"RxvFreeMng %d %d\n",pDevice
->NumRecvFreeList
, pDevice
->NumRecvMngList
);
1662 RXvFreeRCB(pRCB
, bReAllocSkb
);
1664 DBG_PRT(MSG_LEVEL_DEBUG
, KERN_INFO
"Rx Mng Only we have the right to free RCB\n");
1668 pDevice
->bIsRxMngWorkItemQueued
= FALSE
;
1669 spin_unlock_irq(&pDevice
->lock
);